diff --git a/infra/vultr-kubernetes/ingress.tf b/infra/vultr-kubernetes/ingress.tf
index bb4731c..d73acf7 100644
--- a/infra/vultr-kubernetes/ingress.tf
+++ b/infra/vultr-kubernetes/ingress.tf
@@ -1,9 +1,9 @@
 locals {
   services = {
-    code    = kubernetes_service.gitea
-    sanity  = kubernetes_service_v1.health
-    uptime  = kubernetes_service.kuma
-    wiki    = kubernetes_service.otterwiki
+    "code.shockrah.xyz"    = kubernetes_service.gitea
+    "sanity.shockrah.xyz"  = kubernetes_service_v1.health
+    "uptime.shockrah.xyz"  = kubernetes_service.kuma
+    "wiki.shockrah.xyz"    = kubernetes_service.otterwiki
   }
 }
 resource kubernetes_ingress_v1 health {
@@ -17,19 +17,17 @@ resource kubernetes_ingress_v1 health {
     }
     spec {
         ingress_class_name = "nginx"
-        tls {
-            hosts = [
-                "sanity.shockrah.xyz",
-                "uptime.shockrah.xyz",
-                "code.shockrah.xyz",
-                "wiki.shockrah.xyz"
-            ]
-            secret_name = "shockrah"
+        dynamic tls {
+          for_each = local.services
+          content {
+            hosts       = [tls.key]
+            secret_name = "${tls.value.metadata[0].name}-secret"
+          }
         }
         dynamic "rule" {
           for_each = local.services
           content {
-            host = "${rule.key}.shockrah.xyz"
+            host = "${rule.key}"
             http {
               path {
                 path = "/"